package cn.edu.imnu.controller.common;

import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
import common.model.ResponseModelBootstrapTable;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * \* Created with IntelliJ IDEA.
 * \* User: zhangZhigang
 * \* Date: 2017/11/2
 * \* Time: 上午10:35
 * \* To change this template use File | Settings | File Templates.
 * \* Description:
 * 获取图片直传接口
 * \
 */

@Controller
@RequestMapping("app/aliyun/apptoken")
public class AppTokenServerController {
    public static final String REGION_CN_HANGZHOU = "cn-hangzhou";
    public static final String STS_API_VERSION = "2015-04-01";



    protected AssumeRoleResponse assumeRole(String accessKeyId, String accessKeySecret, String roleArn,
											String roleSessionName, String policy, ProtocolType protocolType, long durationSeconds) throws ClientException
    {
        try {
            // 创建一个 Aliyun Acs Client, 用于发起 OpenAPI 请求
            IClientProfile profile = DefaultProfile.getProfile(REGION_CN_HANGZHOU, accessKeyId, accessKeySecret);
            DefaultAcsClient client = new DefaultAcsClient(profile);

            // 创建一个 AssumeRoleRequest 并设置请求参数
            final AssumeRoleRequest request = new AssumeRoleRequest();
            request.setVersion(STS_API_VERSION);
            request.setMethod(MethodType.POST);
            request.setProtocol(protocolType);

            request.setRoleArn(roleArn);
            request.setRoleSessionName(roleSessionName);
            request.setPolicy(policy);
            request.setDurationSeconds(durationSeconds);

            // 发起请求，并得到response

            final AssumeRoleResponse response = client.getAcsResponse(request);

            return response;
        } catch (ClientException e) {
            throw e;
        }
    }

    /**
     *
     * @return
     */
    @RequestMapping("getStsToken.json")
    @ResponseBody
    public ResponseModelBootstrapTable getStsToken(){

        // 只有 RAM用户（子账号）才能调用 AssumeRole 接口
        // 阿里云主账号的AccessKeys不能用于发起AssumeRole请求
        // 请首先在RAM控制台创建一个RAM用户，并为这个用户创建AccessKeys
        String accessKeyId = "LTAIV71xrGJnFp34";
        String accessKeySecret = "jTAWGeID6tfGjvUq6ycn4be9k61E8j";
        // RoleArn 需要在 RAM 控制台上获取
        String roleArn = "acs:ram::1791056109598868:role/aliyunosstokengeneratorrole";
        long durationSeconds = 900;
        // String policy = "policy/all_policy.txt";
        String policy="{" +
                " \"Statement\": [" +
                " {" +
                "\"Action\": [" +
                " \"oss:*\"" +
                "]," +
                "\"Effect\": \"Allow\"," +
                "\"Resource\": [\"acs:oss:*:*:*\"]" +
                "}" +
                "]," +
                " \"Version\": \"1\"" +
                "}";
        // RoleSessionName 是临时Token的会话名称，自己指定用于标识你的用户，主要用于审计，或者用于区分Token颁发给谁
        // 但是注意RoleSessionName的长度和规则，不要有空格，只能有'-' '_' 字母和数字等字符
        // 具体规则请参考API文档中的格式要求
        String roleSessionName = "alice-001";

        // 此处必须为 HTTPS
        ProtocolType protocolType = ProtocolType.HTTPS;
        ResponseModelBootstrapTable model=new ResponseModelBootstrapTable();
        try{
            final AssumeRoleResponse stsResponse = assumeRole(accessKeyId, accessKeySecret, roleArn, roleSessionName,
                    policy, protocolType, durationSeconds);
            Map<String, String> respMap = new LinkedHashMap<String, String>();
            respMap.put("status", "200");
            respMap.put("AccessKeyId", stsResponse.getCredentials().getAccessKeyId());
            respMap.put("AccessKeySecret", stsResponse.getCredentials().getAccessKeySecret());
            respMap.put("SecurityToken", stsResponse.getCredentials().getSecurityToken());
            respMap.put("Expiration", stsResponse.getCredentials().getExpiration());
            model.put("token",respMap);
            model.success("调取成功");

        }catch (ClientException e){
            model.error("获取失败："+e.getMessage());
        }
        return model;

    }




}